summaryrefslogtreecommitdiffstats
path: root/roles/common/templates
diff options
context:
space:
mode:
authorGuilhem Moulin <guilhem@fripost.org>2020-05-16 02:52:55 +0200
committerGuilhem Moulin <guilhem@fripost.org>2020-05-16 05:45:59 +0200
commitbac7811d2b35252b7a83a45d75bb344b4b1776a9 (patch)
tree02176a15d570cab6dbd55b52b6df5c7b7b0538b1 /roles/common/templates
parentc4f24043baeccc95556fb9c3c032505ecadb5fbd (diff)
Upgrade baseline to Debian 10.
Diffstat (limited to 'roles/common/templates')
-rw-r--r--roles/common/templates/etc/bacula/bacula-fd.conf.j25
-rw-r--r--roles/common/templates/etc/munin/munin-node.conf.j22
-rw-r--r--roles/common/templates/etc/munin/plugin-conf.d/munin-node.j22
-rwxr-xr-xroles/common/templates/etc/nftables.conf.j210
-rw-r--r--roles/common/templates/etc/ntp.conf.j22
-rw-r--r--roles/common/templates/etc/postfix/master.cf.j22
6 files changed, 16 insertions, 7 deletions
diff --git a/roles/common/templates/etc/bacula/bacula-fd.conf.j2 b/roles/common/templates/etc/bacula/bacula-fd.conf.j2
index e06911f..db1960e 100644
--- a/roles/common/templates/etc/bacula/bacula-fd.conf.j2
+++ b/roles/common/templates/etc/bacula/bacula-fd.conf.j2
@@ -1,7 +1,8 @@
#
# Default Bacula File Daemon Configuration file
#
-# For Bacula release 5.2.6 (21 February 2012) -- debian jessie/sid
+# For Bacula release 9.4.2 (04 February 2019) -- debian buster/sid
+#
#
# List Directors who are permitted to contact this File daemon
@@ -25,7 +26,7 @@ Messages {
FileDaemon { # define myself
Name = {{ inventory_hostname_short }}-fd
Working Directory = /var/lib/bacula
- Pid Directory = /var/run/bacula
+ Pid Directory = /run/bacula
Maximum Concurrent Jobs = 20
FDAddress = {{ ipsec[inventory_hostname_short] }}
FDPort = 9102
diff --git a/roles/common/templates/etc/munin/munin-node.conf.j2 b/roles/common/templates/etc/munin/munin-node.conf.j2
index 1563526..a1391d9 100644
--- a/roles/common/templates/etc/munin/munin-node.conf.j2
+++ b/roles/common/templates/etc/munin/munin-node.conf.j2
@@ -4,7 +4,7 @@
log_level 4
log_file /var/log/munin/munin-node.log
-pid_file /var/run/munin/munin-node.pid
+pid_file /run/munin/munin-node.pid
background 1
setsid 1
diff --git a/roles/common/templates/etc/munin/plugin-conf.d/munin-node.j2 b/roles/common/templates/etc/munin/plugin-conf.d/munin-node.j2
index 2d434bc..ec471eb 100644
--- a/roles/common/templates/etc/munin/plugin-conf.d/munin-node.j2
+++ b/roles/common/templates/etc/munin/plugin-conf.d/munin-node.j2
@@ -73,7 +73,7 @@ user root
[mysql*]
user root
env.mysqlopts --defaults-file=/etc/mysql/debian.cnf
-env.mysqluser debian-sys-maint
+env.mysqluser root
env.mysqlconnection DBI:mysql:mysql;mysql_read_default_file=/etc/mysql/debian.cnf
[postfix_mailqueue_*]
diff --git a/roles/common/templates/etc/nftables.conf.j2 b/roles/common/templates/etc/nftables.conf.j2
index 1e1fde2..3d2a23d 100755
--- a/roles/common/templates/etc/nftables.conf.j2
+++ b/roles/common/templates/etc/nftables.conf.j2
@@ -86,7 +86,8 @@ table inet filter {
udp sport 53 ct state related,established accept
tcp sport 53 ct state related,established accept
{% if 'dhclient' in group_names %}
- udp sport 67 ct state related,established accept
+ ip version 4 udp sport 67 udp dport 68 ct state related,established accept
+ ip6 version 6 udp sport 547 udp dport 546 ct state related,established accept
{% endif %}
meta l4proto tcp ip saddr @fail2ban counter drop
@@ -115,13 +116,18 @@ table inet filter {
jump invalid
udp sport 123 udp dport 123 ct state new,related,established accept
+{% if groups.all | length > 1 %}
udp sport 500 udp dport 500 ct state new,related,established accept
+{% if groups.NATed | length > 0 %}
udp sport 4500 udp dport 4500 ct state new,related,established accept
+{% endif %}
+{% endif %}
udp dport 53 ct state new,related,established accept
tcp dport 53 ct state new,related,established accept
{% if 'dhclient' in group_names %}
- udp dport 67 ct state new,related,established accept
+ ip version 4 udp sport 68 udp dport 67 ct state new,related,established accept
+ ip6 version 6 udp sport 546 udp dport 547 ct state new,related,established accept
{% endif %}
tcp sport $in-tcp-ports ct state related,established accept
diff --git a/roles/common/templates/etc/ntp.conf.j2 b/roles/common/templates/etc/ntp.conf.j2
index 18c03cf..1016d55 100644
--- a/roles/common/templates/etc/ntp.conf.j2
+++ b/roles/common/templates/etc/ntp.conf.j2
@@ -2,6 +2,8 @@
driftfile /var/lib/ntp/ntp.drift
+# Leap seconds definition provided by tzdata
+leapfile /usr/share/zoneinfo/leap-seconds.list
# Enable this if you want statistics to be logged.
#statsdir /var/log/ntpstats/
diff --git a/roles/common/templates/etc/postfix/master.cf.j2 b/roles/common/templates/etc/postfix/master.cf.j2
index a9c73f7..2c00250 100644
--- a/roles/common/templates/etc/postfix/master.cf.j2
+++ b/roles/common/templates/etc/postfix/master.cf.j2
@@ -85,7 +85,7 @@ sympa unix - n n - - pipe
{% if inst is defined and inst == 'out' %}
# Client part (lmtp) - amavis
-amavisfeed unix - - n - 5 lmtp
+amavisfeed unix - - y - 5 lmtp
-o lmtp_destination_recipient_limit=1000
-o lmtp_send_xforward_command=yes
-o lmtp_data_done_timeout=1200s